Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2021/02/24 16:40:00 UTC

[jira] [Commented] (ARTEMIS-3140) Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule

    [ https://issues.apache.org/jira/browse/ARTEMIS-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290063#comment-17290063 ] 

Justin Bertram commented on ARTEMIS-3140:
-----------------------------------------

The changes here should be pretty straight-forward, and there's no test to add since we don't have any AD-specific tests. Would you be willing to submit a PR?

> Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule
> -------------------------------------------------------
>
>                 Key: ARTEMIS-3140
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3140
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 2.17.0
>            Reporter: Panu Hämäläinen
>            Priority: Major
>
> Microsoft has added the following binding feature to LDAP connections (AD/Domain Controllers):
> [https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e]
>  
> To interoperate with this, Java has required some changes, which are available at least in a Java 16 release candidate:
> [https://bugs.openjdk.java.net/browse/JDK-8245527]
> That is, to make Java add the required channel binding information to its LDAP connection, the JNDI environment property {{com.sun.jndi.ldap.tls.cbtype}} must be set to {{tls-server-end-point}}. However, Artemis LDAPLoginModule creates an internal environment object which does not support the property.
>  
> I would also propose to improve the LDAPLoginModule class in a way that any future custom/added property could be included in the JNDI environment without requiring changes to the actual code.



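One way to implement the pass-through proposed in the issue, as an added example that is not Artemis code: options the login module does not consume itself are copied into the JNDI environment, so com.sun.jndi.ldap.tls.cbtype needs no dedicated handling. The class name, the option names, the host and the strict value check are assumptions made for illustration.

```java
import java.util.Hashtable;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.naming.Context;

public class JndiEnvExample {
    // Assumed option names that the module maps to JNDI keys itself.
    static final Set<String> MODULE_OPTIONS = Set.of(
        "connectionURL", "connectionUsername", "connectionPassword", "authentication");
    static final String CBTYPE = "com.sun.jndi.ldap.tls.cbtype";

    static Hashtable<String, String> buildEnv(Map<String, String> options) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL,
            Objects.requireNonNull(options.get("connectionURL"), "connectionURL is required"));
        env.put(Context.SECURITY_AUTHENTICATION, options.getOrDefault("authentication", "simple"));
        if (options.containsKey("connectionUsername")) {
            env.put(Context.SECURITY_PRINCIPAL, options.get("connectionUsername"));
        }
        if (options.containsKey("connectionPassword")) {
            env.put(Context.SECURITY_CREDENTIALS, options.get("connectionPassword"));
        }
        // Pass every other option through unchanged, but never let it
        // silently replace a key the module has already set above.
        for (Map.Entry<String, String> e : options.entrySet()) {
            if (MODULE_OPTIONS.contains(e.getKey())) continue;
            if (env.containsKey(e.getKey())) {
                throw new IllegalArgumentException("option overrides managed key: " + e.getKey());
            }
            env.put(e.getKey(), e.getValue());
        }
        // Example policy: accept only the value named in the issue, so a typo
        // fails at configuration time instead of at the first bind.
        String cb = env.get(CBTYPE);
        if (cb != null && !"tls-server-end-point".equals(cb)) {
            throw new IllegalArgumentException("unexpected " + CBTYPE + " value: " + cb);
        }
        return env;
    }

    public static void main(String[] args) {
        // Constructed sample configuration; the host is a placeholder.
        Map<String, String> options = Map.of(
            "connectionURL", "ldaps://dc.example.test:636",
            CBTYPE, "tls-server-end-point");
        System.out.println(CBTYPE + "=" + buildEnv(options).get(CBTYPE));
    }
}
```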